"Russian Hackers Use Western Networks to Attack Ukraine"

Security researchers at Lupovis have discovered that Russian hackers are using their presence inside the networks of organizations in the UK, US, and elsewhere to launch attacks against Ukraine. The researchers set up a series of decoys on the web to lure Russian threat actors so they could study their tactics, techniques, and procedures (TTPs). This included fake “honeyfile” documents leaked to cybercrime forums and spoofed to contain what appeared to be critical usernames, passwords, and other information. The researchers noted that other decoys included insecurely configured web portals designed to mimic Ukrainian political and governmental sites and “high interaction and ssh services.” The latter were configured to accept the fake credentials from the web portals.

The researchers stated that the exercise highlighted just how primed and ready Russian threat actors are to seize on any evidence of Ukrainian targets. Some 50–60 human actors interacted with just five decoys, with many of them reaching the honeypots within just a minute of the decoys going live. The researchers noted that the duped hackers attempted to carry out a variety of attacks, ranging from reconnaissance of the lure information to conscripting the decoys into DDoS botnets and exploitation of SQL injection and other bugs.

The researchers stated that the most concerning finding from their study is that Russian cyber-criminals have compromised the networks of multiple global organizations, including a Fortune 500 business, over 15 healthcare organizations, and a dam monitoring system. The researchers stated that these organizations were based in the UK, France, the US, Brazil, and South Africa, and that Russian criminals are rerouting through their networks to launch cyberattacks on Ukraine, which effectively means they are using these organizations to carry out their dirty work. The researchers hypothesized that the threat actors may be Russian cybercriminals rather than state actors.

The researchers noted that, given that their research shows over 15 healthcare organizations had been compromised by Russian criminals, this could suggest the attackers are working under the radar on those networks and using their access to launch attacks on other institutions. The researchers stated that once the attackers are discovered, they then launch ransomware attacks on the healthcare organizations’ systems or perform data breaches. This would suggest attackers are maximizing every tool in their arsenal to compromise an organization before moving on to their next victim.

 

Infosecurity reports: "Russian Hackers Use Western Networks to Attack Ukraine"

Submitted by Anonymous on